Updating Debian packaging to more appropiately match proper Debian Pa…

…ckaging standards

.github/workflows/publish_docker.yml

@@ -46,7 +46,7 @@ jobs:
 
       - name: Build package
         working-directory: panda/debian
-        run: ./setup.sh Ubuntu ${{ matrix.ubuntu_version }}
+        run: ./setup.sh Ubuntu ${{ matrix.ubuntu_version }} ${{ needs.create_release.outputs.v-version }}
 
       - name: Upload wheel and debian packages to release
         uses: softprops/action-gh-release@v2

panda/debian/Dockerfile

@@ -1,7 +1,9 @@
+ARG PACKAGE_VERSION=""
+
 # First run the main Dockerfile to build the base image and name it panda. Then we run here
 # to generate a debian package
 
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 
 # Install necessary tools for packaging
 RUN apt-get -qq update && \
@@ -12,15 +14,34 @@ RUN apt-get -qq update && \
 COPY --from=panda /tmp/base_dep.txt /tmp
 COPY --from=panda /tmp/build_dep.txt /tmp
 
+# Copy libcapstone and libosi shared object files from panda
+RUN mkdir -p /package-root/usr/lib/x86_64-linux-gnu/
+COPY --from=panda /lib/libcapstone.so* /package-root/usr/lib/x86_64-linux-gnu/
+COPY --from=panda /lib/libosi.so /lib/libiohal.so /lib/liboffset.so /package-root/usr/lib/
+
 # Set up /package-root with files from panda we'll package
-COPY --from=panda /usr/local/bin/panda* /usr/local/bin/libpanda* /usr/local/bin/qemu-img /package-root/usr/local/bin/
-COPY --from=panda /usr/local/etc/panda /package-root/usr/local/etc/panda
-COPY --from=panda /usr/local/lib/panda /package-root/usr/local/lib/panda
-COPY --from=panda /usr/local/share/panda /package-root/usr/local/share/panda
+COPY --from=panda /usr/local/bin/panda* /usr/bin/libpanda* /usr/bin/qemu-img /package-root/usr/bin/
+COPY --from=panda /usr/local/etc/panda /package-root/etc/
+COPY --from=panda /usr/local/lib/panda /package-root/usr/lib/
+COPY --from=panda /usr/local/share/panda /package-root/usr/share/
+
+# Copy documentation over, we should have a better Changelog if we go for official release?
+# COPY ./LICENSE /package-root/usr/share/doc/panda
+# COPY ./README.md /package-root/usr/share/doc/panda
 
 # Create DEBIAN directory and control file
 COPY control /package-root/DEBIAN/control
 
+# Generate MD5 checksums for all files and save to DEBIAN/md5sums
+RUN cd /package-root && \
+    find . -type f ! -path './DEBIAN/*' -exec md5sum {} + | sed 's| \./| |' > /package-root/DEBIAN/md5sums
+
+# Update control file with the correct version, and place installed size
+ARG PACKAGE_VERSION
+RUN INSTALLED_SIZE=$(du -sk /package-root | cut -f1) && \
+    sed -i "s/^Installed-Size:.*/Installed-Size: ${INSTALLED_SIZE}/" /package-root/DEBIAN/control
+RUN sed -i "s/^Version:.*/Version: ${PACKAGE_VERSION}/" /package-root/DEBIAN/control
+
 # Update control file with dependencies
 # Build time. We only select dependencies that are not commented out or blank
 RUN dependencies=$(grep '^[a-zA-Z]' /tmp/build_dep.txt | tr '\n' ',' | sed 's/,,\+/,/g'| sed 's/,$//') && \

panda/debian/control

@@ -1,9 +1,15 @@
 Package: pandare
-Version: 3.1.0
-Architecture: all
+Source: MIT
+Version: <version-placeholder>
+Architecture: amd64
 BUILD_DEPENDS_LIST
 DEPENDS_LIST
-Maintainer: Andrew Fasano <fasano@mit.edu>
+Maintainer: Luke Craig <luke.craig@mit.edu>
+Installed-Size: <size-in-kb>
+Section: devel
+Priority: optional
+Multi-Arch: same
+Homepage: https://panda.re/
 Description: dynamic analysis platform
  Platform for Architecture Neutral Dynamic Analysis (PANDA) is a processor
  emulator designed to support analyses of guest code. PANDA supports record-

panda/debian/setup.sh

@@ -25,35 +25,51 @@ if [[ $# -eq 1 ]]; then
 	echo "	To build a package for current Ubuntu version:"
 	echo "	  $0"
 	echo "	To build a package for a specific OS/version (only Ubuntu supported for now):"
-	echo "	  $0 <OS> <version>"
+	echo "	  $0 <OS> <ubuntu-version> <tag-version>"
 	exit 1
 fi
 
 if [[ $# -eq 2 ]]; then
 	version=$2
-
 else
 	version=$(lsb_release -r | awk '{print $2}')
 fi
 
+if [[ $# -eq 3 ]]; then
+	tag_version=$3
+else
+	tag_version='v3.1.0'
+fi
+
+# Remove leading 'v' if present, e. g. v1.5.1 -> 1.5.1
+if [[ "$tag_version" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+    tag_version=${tag_version:1}
+fi
+
+# Check if the version follows the format X.Y.Z, e. g. 1.5.1 or 1.9.1
+if [[ ! "$tag_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+    echo "ERROR: Version must be in the format X.Y.Z, provided tag version: $tag_version"
+    exit 1
+fi
+
 # Check if the given version is supported
 if [[ ! -f "../dependencies/ubuntu_${version}_base.txt" ]]; then
 	echo "ERROR: Ubuntu ${version} is not supported, no dependencies file found"
 	exit 1
 fi
 
 # Build the installer to generate the wheel file
-DOCKER_BUILDKIT=1 docker build --target installer -t panda --build-arg BASE_IMAGE="ubuntu:${version}" ../..
+DOCKER_BUILDKIT=1 docker build --target installer -t panda_installer --build-arg BASE_IMAGE="ubuntu:${version}" ../..
 
 # Copy wheel file out of container to host
-# this also preserves wheel name, which is important as pip install WILL fail if you arbitarily change the generated wheel file name
-docker run --rm -v $(pwd):/out panda bash -c "cp /panda/panda/python/core/dist/*.whl /out"
+# This also preserves wheel name, which is important as pip install WILL fail if you arbitarily change the generated wheel file name
+docker run --rm -v $(pwd):/out panda_installer bash -c "cp /panda/panda/python/core/dist/*.whl /out"
 
 # Finish building main panda container for the target ubuntu version
-DOCKER_BUILDKIT=1 docker build --target panda -t panda --build-arg BASE_IMAGE="ubuntu:${version}" ../..
+DOCKER_BUILDKIT=1 docker build --cache-from panda_installer --target panda -t panda --build-arg BASE_IMAGE="ubuntu:${version}" ../..
 
 # Now build the packager container from that
-docker build -t packager .
+DOCKER_BUILDKIT=1 docker build --cache-from panda -t packager --build-arg PACKAGE_VERSION="${tag_version}" .
 
 # Copy deb file out of container to host
 docker run --rm -v $(pwd):/out packager bash -c "cp /pandare.deb /out"